; Restore manifest: two index sections ([reg], [cmd]) followed by numbered
; sections [1]-[4], each describing one registry object under HKLM.
; The page shows the whole file on one physical line; entries are laid out one
; per line here, in their original order, with no value changed.
; NOTE(review): the consuming tool is not identified on this page. Field
; meanings below are read from the key names and should be confirmed. The
; comments assume the reader skips full-line ';' comments - confirm, or strip
; them before feeding the file back to the tool.

; Count of registry sections; matches [1]-[4] below.
[reg]
Total=4

; Ordered action list. Entries 1-4 and 6-9 carry a trailing number 1-4,
; presumably the index of the registry section they act on - confirm.
[cmd]
numSections=4
1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1
; Total=9 matches the nine numbered entries; it sits between 1 and 2 in the source.
Total=9
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3
4=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 4
; The only non-registry action, and the only one whose verb is DISABLE rather
; than RESTORE: it targets the scheduled task that refreshes Exploit Guard MDM
; policy. When triaging a host, check this task's current state and who changed it.
5=TASK_BASED VERB_DISABLE OBJ_TASK \Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
; Key-level restores (OBJ_REG_METADATA) for the same four sections, presumably
; the SD/DateM fields rather than the value data - confirm.
6=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 1
7=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 2
8=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 3
9=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 4

; Policy value HKLM\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware,
; recorded as REG_DWORD 1, i.e. the "antivirus disabled" setting.
; NOTE(review): "restore" could mean writing data=1 back or undoing it; that
; cannot be told from this file. Confirm the direction before replaying it, and
; check whether a legitimate GPO/MDM baseline accounts for the value.
[1]
hive=HKLM
type=REG_DWORD
; presumably a registry-redirection (WOW64) flag - confirm
redir=0
empty=0
; Recorded modification time; no time zone is given. Useful as a timeline pivot.
DateM=2024/06/18 05:34:29
; SDDL: owner and group SY (Local System), auto-inherited DACL (AI). Every ACE
; is inherited (ID): AU, AC and one capability SID (S-1-15-3-1024-...) get
; read; SY and BA get full access. No write access for non-admin principals.
SD=O:SYG:SYD:AI(A;ID;KR;;;AU)(A;OICIIOID;GR;;;AU)(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;BA)(A;OICIIOID;GA;;;BA)(A;ID;KR;;;AC)(A;OICIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;OICIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
key=Software\Policies\Microsoft\Windows Defender
param=DisableAntiSpyware
data=1
dataDecoded=1
; 32-bit value; the algorithm and what it covers are not shown here.
hash=83DCEFB7

; Sections [2]-[4]: AMSI provider registration keys (Providers, Providers2,
; UacProviders). All three carry empty=-1, an empty SD, no param/data, hash
; 00000000 and DateM 1899/12/30, which is the zero value of an OLE automation
; date. They look like placeholders with nothing captured; presumably the key
; was absent or unreadable at capture time - confirm against the host.
; NOTE(review): this CLSID is commonly associated with the Microsoft Defender
; AMSI provider; verify against a known-good host. A missing registration
; means that provider is not loaded for AMSI scanning.
[2]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=1899/12/30 00:00:00
SD=
key=Software\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}
param=
data=
dataDecoded=
hash=00000000

[3]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=1899/12/30 00:00:00
SD=
key=Software\Microsoft\AMSI\Providers2\{2781761E-28E0-4109-99FE-B9D127C57AFE}
param=
data=
dataDecoded=
hash=00000000

; The GUID here has 28E2 in its second group where [2] and [3] have 28E0;
; it is kept exactly as recorded.
[4]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=1899/12/30 00:00:00
SD=
key=Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE}
param=
data=
dataDecoded=
hash=00000000